General guidelines for customers to protect themselves from financial fraud risks

Financial fraud often begins with the victim’s response. Customers play a vital role in safeguarding their financial and personal information. Below are key guidelines that individuals, and companies developing awareness programs, should consider to reduce the risk of fraud:

  1. Phishing links
  • Never click on links from unknown or suspicious sources. Delete such messages or emails immediately.
  • Unsubscribe and block emails pretending to represent banks or service providers, especially those with clickable links.
  • Always access bank or service provider websites directly. Ensure the site is secure (look for “https” and a padlock symbol). These indicators show only that the connection is encrypted, so check the domain name as well.
  • Check URLs and domain names, including those received in emails, for spelling errors. Report any that look suspicious.
  1. Precautions about vishing calls
  • Legitimate banks or financial institutions will never ask for sensitive information like usernames, passwords, card details, CVV, or OTPs.
  • Never share this information—not even with family or friends.
  1. Fraud due to the use of unknown / unverified mobile apps
  • Only download apps from trusted, official app stores. Avoid apps recommended by unknown individuals.
  • Check app publishers, user reviews, and ratings before downloading.
  • Review and limit app permissions (e.g., access to contacts, photos) to only what is necessary.
  1. Fraud through Quick Response (QR) code scan
  • Be cautious while scanning QR codes using any payment app. QR codes may have account details embedded in them to transfer money to a particular account.
  • Never scan any QR code to receive money. Transactions involving receipt of money do not require scanning barcodes, QR codes, or entering mobile banking PIN, passwords, etc.
  1. ATM card skimming
  • Before making a transaction, always check that no extra device is attached near the card insertion slot or keypad of the ATM.
  • Cover the keypad with your other hand while entering the PIN.
  • Never write the PIN on your payment card.
  • Do not enter the PIN while any other person, including a stranger, is standing close to you.
  • Do not give your payment card to anyone for withdrawal of cash.
  • Do not follow instructions from, or accept assistance or guidance from, strangers or unknown people at ATMs.
  • If cash is not dispensed at the ATM, press the ‘Cancel’ button and wait for the home screen to appear before leaving the ATM.
  1. Lottery fraud
  • Beware of unbelievable lotteries or offers; nobody gives away free money, especially large sums of money.
  • Do not make payments or share secure credentials in response to any lottery calls / emails.
  • The Central Bank never opens accounts for members of the public or takes deposits from them. Such messages are fraudulent.
  • Never respond to messages offering or promising prize money or government aid, or requiring a Know Your Customer (KYC) update to receive prize money, from banks, institutions, etc.
  1. OTP-based fraud
  • Never share OTP, PIN, personal details, etc., in any form with anyone, including your own friends and family members.
  • Regularly check SMS and emails to ensure that no OTP was generated without your prior knowledge.
  • Always access the official website of the bank, payment company, or e-wallet provider, or contact the branch, to use its services and to seek information and clarifications about its products and services.
  1. Ponzi / Multi-Level Marketing (MLM) schemes fraud
  • Returns are proportional to risks. The higher the return, the higher the risk.
  • Any scheme that consistently offers abnormally high returns (40-50%) could be the first sign of potential fraud, and caution needs to be exercised.
  • Note that any payment, commission, or percentage of profit without the actual sale of goods / services is suspicious and may lead to fraud.
  • Do not be tempted by promises of high returns offered by entities running Multi-Level Marketing/ Pyramid Structure schemes.
  1. For device / computer security
  • Change passwords at regular intervals.
  • Install antivirus on your devices and install updates whenever available.
  • Always scan unknown storage drives (such as USB drives) and devices before use.
  • Do not leave your device unlocked.
  • Configure auto lock of the device after a specified time.
  • Do not install any unknown applications or software on your phone / laptop.
  • Do not store passwords or confidential information on devices.
  1. For safe internet browsing
  • Avoid visiting unsecured, unsafe, and unknown websites.
  • Avoid using unknown browsers.
  • Avoid saving passwords on public devices.
  • Avoid entering secure credentials on unknown websites, or public devices.
  • Do not share personal information with anyone, particularly unknown people on social media.
  • Always verify the security of any webpage by checking for two indicators (“https” and the padlock symbol), especially when an email or SMS link redirects to the page.
  1. For safe internet banking
  • Always use a virtual keyboard on public devices, since keystrokes can be captured through compromised devices, keyboards, etc.
  • Log out of the internet banking session immediately after usage.
  • Update passwords on a periodic basis.
  • Do not use the same passwords for your email and internet banking.
  • Avoid using public terminals (Internet cafe, etc.) for financial transactions.
  • Avoid using public Wi-Fi networks.
  1. Factors indicating that a phone is being spied on
  • Unfamiliar applications are being downloaded on the phone.
  • The phone battery is draining faster than usual.
  • A phone that turns hot may be a sign that someone is spying by running spyware in the background.
  • An unusual surge in the amount of data consumption can sometimes be a sign that spyware is running in the background.
  • Spyware apps might sometimes interfere with a phone’s shutdown process so that the device fails to turn off properly or takes an unusually long time to do so.
  • Note that text messages can be used by spyware and malware to send and receive data.
  1. Actions to be taken after the occurrence of a fraud
  • Inform your bank or company directly without delay.
  • Block not only the payment cards but also freeze the debit in the bank account linked to the card by visiting your branch or calling the official customer care number available on the bank’s website.
  • Also, check and ensure the safety of other banking channels such as Internet banking, Mobile banking etc., to prevent perpetuation of the fraud once the debit/ credit cards, etc., are blocked following a fraud.
  1. Precautions related to payment cards
  • Deactivate payment card features, such as online transactions for both domestic and international use, if you are not going to use the card for a while, and activate them only when card usage is required.
  • Similarly, the Near Field Communication (NFC) feature should be deactivated if the card is not to be used.
  • Before entering PIN at any Point of Sale (POS) site or while using the card at an NFC reader, you must carefully check the amount displayed on the POS machine screen and NFC reader.
  • Never let the merchant take the card away from your sight for swiping while making a transaction.
  1. For password security
  • Use a combination of alphanumeric and special characters in your password.
  • Keep two-factor authentication enabled for all your accounts, if such a facility is available.
  • Change your passwords periodically.
  • Avoid having your date of birth, wife’s name, car number etc. as passwords.
  1. How do you know whether a bank or company is genuine or not?
  • Check if the bank or company’s name appears in the list of licensed banks and companies available on the Central Bank’s website under the “Payment Systems” tab.
  • The company should prominently display its license issued by the Central Bank on its website.
  1. General precautions
  • Keep the PIN, password, and credit or debit card number, CVV, etc., private and do not share confidential financial information with banks/ financial institutions, friends or even family members.
  • Avoid saving card details on websites, devices, laptops, or public desktops.
  • Turn on two-factor authentication where such a facility is available.
  • Never open / respond to emails from unknown sources, as these may contain suspicious attachments or phishing links.
  • Do not share copies of your cheque book or KYC documents with strangers.